During the past several years, the Payment Card Industry Data Security Standard, or PCI DSS, has in some ways stood out as a model of industry self-regulation. Born from the internal standards of American Express, MasterCard, Visa, Discover and the Japan Credit Bureau, PCI DSS was synthesized to align the policies of the payment card industry in order to prevent credit card fraud. In the past several years, the standard has undergone its share of changes, culminating with the recent release of PCI DSS 2.0. While passing a PCI DSS checklist should not be taken as evidence that security is foolproof, an analysis released by Verizon in October 2010 found that breached organizations are 50 percent less likely to be compliant than a normal population of clients using its PCI assessment service. But all roses have thorns. In a Cisco-sponsored survey, InsightExpress questioned 500 IT decision makers about PCI DSS, offering a window into some of the challenges and costs associated with compliance, as well as the technologies they are adopting to meet those requirements. Some of the answers may surprise you.